package com.pengtu.gsj.utils.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

import com.pengtu.gsj.utils.web.ServletUtils;

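/**
 * Request hygiene filter: enforces an HTTP-method allow-list, rejects
 * requests whose {@code Referer} points outside this application, and
 * wraps the request in {@link XSSRequestWrapper} before handing it on.
 *
 * @author zl
 * @version created 2017-01-10 10:33:13
 */
public class SafetyFilter extends OncePerRequestFilter {

	/**
	 * Characters that may legitimately follow the application URL in a
	 * same-application Referer: a path, query or fragment delimiter.
	 */
	private static final String PATH_BOUNDARY = "/?#";

	/**
	 * Rejects any method other than GET or POST with 405, redirects requests
	 * carrying a foreign {@code Referer} to the 404 page, and otherwise passes
	 * the request down the chain wrapped in {@link XSSRequestWrapper}.
	 *
	 * <p>A request with no {@code Referer} header at all is let through. A
	 * cross-site page can suppress the header, so this check on its own is
	 * not a reliable CSRF defence; pair it with a synchronizer token.
	 *
	 * @param request     incoming request
	 * @param response    outgoing response
	 * @param filterChain remaining filters and the target servlet
	 * @throws ServletException propagated from the chain
	 * @throws IOException      propagated from the chain, {@code sendError}
	 *                          or {@code sendRedirect}
	 */
	@Override
	protected void doFilterInternal(HttpServletRequest request,
			HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {

		// Method allow-list: only GET and POST are accepted. HEAD, OPTIONS,
		// PUT, DELETE, TRACE etc. get a 405. (The old message claimed HEAD was
		// permitted even though the check rejected it; it now matches the code.)
		final String method = request.getMethod();
		if (!"GET".equals(method) && !"POST".equals(method)) {
			response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "only GET and POST are permitted");
			return;
		}

		// The Referer, when present, must point inside this application. A
		// bare startsWith() is not enough: "http://host" would also accept
		// "http://host.evil.example/" and "http://host:80" would accept
		// "http://host:8080/", so the match has to end at a URL boundary.
		final String referer = request.getHeader("Referer");
		final String basePath = ServletUtils.getAppURL(request);
		if (referer != null && !refersToApp(referer, basePath)) {
			// Server-root-relative path; it does not include the context path.
			response.sendRedirect("/error/404.jsp");
			return;
		}
		filterChain.doFilter(new XSSRequestWrapper(request), response);
	}

	/**
	 * Returns whether {@code referer} lies inside the application rooted at
	 * {@code basePath}. The application URL must be a prefix of the referer
	 * and, unless it already ends with {@code '/'}, the prefix must be
	 * followed by end-of-string or a path/query/fragment delimiter.
	 *
	 * <p>Fails closed: a null or empty {@code basePath} never matches, where
	 * the former used to throw and the latter used to accept every referer.
	 *
	 * @param referer  non-null value of the Referer header
	 * @param basePath application URL as reported by ServletUtils.getAppURL
	 * @return true when the referer is within the application
	 */
	static boolean refersToApp(String referer, String basePath) {
		if (basePath == null || basePath.isEmpty() || !referer.startsWith(basePath)) {
			return false;
		}
		if (referer.length() == basePath.length()) {
			return true;
		}
		// An app URL that already ends in '/' delimits itself.
		if (basePath.charAt(basePath.length() - 1) == '/') {
			return true;
		}
		return PATH_BOUNDARY.indexOf(referer.charAt(basePath.length())) >= 0;
	}

}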
